CactuShop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.
Max CVSS: 7.8 | EPSS Score: 2.18% | Published: 2007-06-06 | Updated: 2018-10-16
Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter.
Max CVSS: 4.3 | EPSS Score: 0.87% | Published: 2004-12-31 | Updated: 2017-07-11
SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter.
Max CVSS: 7.5 | EPSS Score: 1.09% | Published: 2004-12-31 | Updated: 2017-07-11
3 vulnerabilities found